Bug 1200189 (CVE-2022-32292)

Summary: VUL-0: CVE-2022-32292: connman: Heap overflow in gweb's received_data()
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Daniel Wagner <daniel.wagner>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: rfrohl, thomas.leroy
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Comment 2 Marcus Meissner 2022-06-06 10:23:01 UTC
Mitre has assigned CVE-2022-32292
Comment 3 Thomas Leroy 2022-06-08 12:49:28 UTC
The following codestreams will require a fix after the embargo has been lifted:
- openSUSE:Backports:SLE-15-SP3:Update
- openSUSE:Backports:SLE-15-SP4:Update
- openSUSE:Factory
Comment 4 Daniel Wagner 2022-08-01 08:16:09 UTC
Fix posted upstream

https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/
Comment 6 OBSbugzilla Bot 2022-08-01 16:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1200189) was mentioned in
https://build.opensuse.org/request/show/992043 Backports:SLE-15-SP3 / connman
https://build.opensuse.org/request/show/992048 Backports:SLE-15-SP4 / connman
Comment 7 Swamp Workflow Management 2022-08-02 22:15:29 UTC
openSUSE-SU-2022:10076-1: An update that fixes two vulnerabilities is now available.

Category: security (critical)
Bug References: 1200189,1200190
CVE References: CVE-2022-32292,CVE-2022-32293
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    connman-1.41-bp154.2.3.1
Comment 8 Marcus Meissner 2022-08-03 07:33:31 UTC
Also asked MITRE to publish the CVE.

Did you also submit to Factory?
Comment 9 Daniel Wagner 2022-08-04 07:28:14 UTC
Yes, Factory is also updated. I've used the same change log. I am
surprised the backports are linked to this bug report but not the
Factory update.
Comment 10 Marcus Meissner 2022-08-04 07:33:33 UTC
Weird, verified bsc is mentioned in changes in Factory.

-> done
Comment 11 Swamp Workflow Management 2022-09-30 19:19:13 UTC
openSUSE-SU-2022:10134-1: An update that fixes two vulnerabilities is now available.

Category: security (critical)
Bug References: 1200189,1200190
CVE References: CVE-2022-32292,CVE-2022-32293
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    connman-1.41-bp153.2.6.1